BPCE_REGISTRATION_DOCUMENT_2017

RISK REPORT Non-compliance risks, security and operational risks

the integration of CNP Assurances in the Group’s ICAAP - approach, following the establishment of the additional Supervisory Committee. In terms of insurance compliance,a regulatory project was launched in 2017 and will be completedin 2018 with the InvestmentServices Compliancefunction.The project pertains to IDD, PRIIPs and MiFID 2. BPCE’s Compliance department is responsible for monitoring the operationalapplicationof these directives throughouthe Group. In addition to the MiFID 2, IDD and PRIIPs projects, producer/distributorworkinggroupswere specificallycreatedto cover the fivePillars of the InsuranceDistribution Directive: Pillar 1 “Product governance and distribution rules”: this ● Pillar ensures consistency between the level of risk, the target market and the distribution strategy of aproduct; Pillar 2 “Customer information and prevention of conflicts of ● interest”: the aim of this Pillar is to improve customer information on insuranceand investmentproducts; Pillar 3 “Advice and long-term customer service”: this ● Pillar addresses the duty to advise and the updating of advice over the customer'slife and over the termof the business relationship, Pillar 4 “Price transparency”: the aim of this Pillar is full ● transparency for the customer regarding the prices charged by insurance distributors and rebates on insurance products (life and non-life); Pillar 5 “Continuoustraining”: the purpose of this Pillar is to ensure ● the continuous training of sales teams, taking into account both regulatory developments and best practices. Requirements, Pillar II Governance & ORSA, Pillar III Prudential reporting and public information). The Group created an Insurance Risk function in 2011. This function meets the requirements set out in the Financial Conglomerates Directive (FICOD) 2011/89 and its transposition in France by the Ministerial Order of November 3, 2014 governing the additional supervision of financial conglomerates, through the cross-divisional Group insurance risk monitoring system. NATIXIS ASSURANCES Natixis Assurancesis the Insurance division of the Natixis group and is divided intotwo businesses: the personal insurance business, focused on developing portfolios ● of life insurance and endowment policies for investment and retirement purposes, as well as provident insurance portfolios; the non-life insurance business, focused on developing portfolios ● for auto and multi-risk home insurance, personal accident insurance, legal protection, healthcare and property and casualty insurance.

ACTIVITIES IN 2017 In 2017, the main projects undertakenwith the functionwere aimed at expanding stress tests and forecastingunder Solvency II, Basel III, and the Financial Conglomerates Directive, and at strengthening governance: coordination of the Group’s approach to insurance stress tests, ● particularly the 2017 ORSAs (own risk and solvency assessments); establishment of detailed financial assumptions shared by the ● companies (ORSAs), as well as an analysis of results and recommendations; monitoringof major risks and contagionmechanisms; ● analysis of regulatoryinteractions(Basel III, Solvency II (1) , Financial ● Conglomerates Directive). After integrating the Group’s insurance companies into the bank ● ISTs (internal stress tests), as set out under the 2016 ICAAP (internal capital adequacy assessment process), the model was expandedto include: commissionspaid by insurancecompaniesto the retail networks, - as well asfees paidto the Group’s asset managers; stressed insurance inputs (based on ORSAs) in addition to the - economic and financial inputs used by the Group; the simulationof SCR and MCR SII sector ratios based on ICAAP - scenarios, to documentany capital requirementsunder stress; Insurance risk is the risk of any difference between expected and actual claims. Depending on the insurance product in question, the risk varies accordingto macroeconomicchanges,changesin customer behavior, changes in public healthcare policy, pandemics, accidents and natural disasters (such as earthquakes, industrial accidents or acts of terrorismor war). The Credit Insuranceactivity is also exposed to credit risk. Insurancerisk managementrequires solid comprehensionof technical insurance risks in order to meet commitments to insurers and policyholders. Particular attention must also be paid to the financial risks borne throughassets held to backcommitments. In addition to protectingthe balance sheet and income statementof insurance companies, the aim is to guarantee the solvency and liquidity of the insurance companies. To this end, Groupe BPCE’s companies have set up effective procedures aimed at measuring, reporting and supervising risks. A major preparatory stage ensured the implementation of systems which allows the Group to comply with the new regulatory requirements which came into effect on January 1, 2016 with the application of Solvency II (Pillar I Quantitative Solvency Technical insurance risks 3.11.9

3

The DRCCP exercises caution in terms of changes to Solvency II. It is due to be reviewed in December 2018 along with the standard formula. (1)

205

Registration document 2017